The need for Anti Virus software

Richard Urban

You would think, wouldn't you. But most of the computers I work on were
infected by people doing just that - opening email attachments. They usually
came from friends' computers.

So, anyone who runs without antivirus and anti-spyware programs is asking
for problems.

--


Regards,

Richard Urban MVP
Microsoft Windows Shell/User
 
Michael Chare

DanS said:
Thanks, I wouldn't send you an e-mail anyway.

But back to the matter at hand, simple common sense says not to open
e-mail attachments. Period. End of story. That should be enough.

And besides, how often have you sent a valid e-mail with an exe file
attached, or attached a .vbs or .com or .bat ?

I did once get caught by a .scr file which came (inadvertently) from someone I
had asked to provide some information. The virus was quite clever as it
scanned an inbox and sent emails to all opened mail!

Running AVG has identified two magistr.a (or similar) viruses which were in
an old inbox that I transferred from my old PC.

Running AVG on my new PC has not made a noticeable increase to the boot time
I am pleased to say.
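
An added example, not part of any post in this thread: a Python sketch of the attachment check discussed above, flagging attachments by the extensions the posters name (.exe, .vbs, .com, .bat, .scr). It goes slightly beyond the thread by also marking a double extension such as .jpg.scr; the sample message, addresses and file names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions named in the thread as ones a legitimate sender rarely attaches.
RISKY_EXTENSIONS = {".exe", ".vbs", ".com", ".bat", ".scr"}


def triage_attachments(raw_message: bytes):
    """Return (filename, verdict) for each attachment, judged by name only."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so strip them before
        # looking at the extension that will actually be used.
        suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
        if not name:
            verdict = "unnamed"
        elif suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            # More than one suffix (photo.jpg.scr) hides the real type when
            # the mail client or shell hides known extensions.
            verdict = "disguised-executable" if len(suffixes) > 1 else "executable"
        else:
            verdict = "not-flagged"
        results.append((name, verdict))
    return results


def build_sample() -> bytes:
    """Constructed sample message (not taken from the thread)."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "me@example.com"
    m["Subject"] = "the information you asked for"
    m.set_content("See attached.")
    for fname in ("report.pdf", "holiday.jpg.scr", "setup.EXE", "notes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in triage_attachments(build_sample()):
        print(f"{verdict:22} {name}")
```

A "not-flagged" verdict says nothing about the file's content; as later posts note, infected data files still need a scanner.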
 
cquirke (MVP Windows shell/user)

On Tue, 27 Mar 2007 09:12:34 -0400, "Mike Hall - MS MVP"
AVG 7.5 free version anti-virus is an excellent product that will cost you
nothing, and is not anything like as invasive as McAfee or Norton.. it
updates daily, and users of it report back only good things..

Yep; that's what I use, too. Caveat: If...
- you are on dial-up
- your email disconnects when "done"
....then UNselect the email scanner component on install.

Also, by default, AVG scans "the system" at 8 am daily, which is often
when folks start their working day. That would cause "AVG slows down
my PC" complaints, so I always turn it off.

A firewall and NAT router will stop unsolicited stuff getting to your
computer.. what neither of them will stop is a user unwittingly letting bad
stuff in.. an anti-virus solution is just one line of defense..

Yup. Firewall, NAT, and getting rid of WiFi if you don't use it, are
your first barriers, or your "forward strikers", to use a soccer
analogy. Your single resident av is your "goalie of last resort".

In between that, one can do many other things...
- safer system and UI settings
- kill admin shares
- stop autorunning newly-inserted drives
- choose safer edge-facing apps
- keep the OS updated
- passive "vaccination" a la Spyware Blaster
- apply data hygiene, i.e. keep riskware out of data backups
- route riskware into a common subtree
- aim a tier of on-demand scanners at that subtree
- build your own "safe hex" skills
- prepare for when you have to formally manage malware

You should also run (and update regularly) SpywareBlaster, a utility that
immunizes IE against attack, requiring no user dependency other than
updating..

Yep, I like that one, too ;-)

These two can't do it all by themselves, so you may also want to run either
Ewido or Trend Housecall on line scans now and again...

Er, no - I'm not a fan of picking a fight with running malware (e.g.
"scan the whole system every night from within ?infected Windows, in
case your av missed something") and I'm even less a fan of:
- reaching an "online scanning site" via ?malware-poisoned DNS
- allowing that site to drop and run active content on the PC
- staying online while that dropped code gropes all my files

The only use I'd make of on-line scanners is to upload files to be
tested, *before* groping or "opening" those files.

AVG.. http://free.grisoft.com/freeweb.php/doc/2/

SpywareBlaster.. http://www.javacoolsoftware.com/spywareblaster.html

Ewido.. http://www.ewido.net/en/ (look to the left side of the page for the
online scan)

Ewido is now AVG AntiSpyware 7.5, and acquiring it was a very shrewd
move for AVG... vastly boosts their cred ;-)

Still needed, IMO. As long as it's competent, it doesn't matter which
one you use; free AVG updated daily would likely be better protection
than Kaspersky that the user updates only once a week.

The important thing to remember is that various anti-malware tactics
mesh in ways that complement each other, whereas applying the same
tactic multiple times (e.g. running multiple av scanners and doing
nothing else) meshes far more poorly.

Some barriers are narrow, but absolute.

For example, if malware relies on admin shares to enter via clickless
attack, and you don't have admin shares exposed, you are absolutely
protected against that attack.

To any number of attacks that use a different method, you're just as
wide open as before - so it is a narrow protection.

Other barriers are broad, but leaky.

For example, a resident av should "catch" malware as it tries to be
created as a file, or is loaded into memory, before it can run - so
the protection is broad, because it works no matter what methods the
malware used to get into the system.

But all mugshot-recognition scanners will fail to detect malware that
is any one or more of...
- too "new" to be recognised
- seldom exposed in the wild, so unknown to the av vendor
- legitimate software dropped and run for malware purposes
....and will also fail if other active malware has disabled it.

Even "safe hex" has its limits.

Yes, you'd apply the "Turing Test" even when getting mail "from
someone you know", because you know very well that malware is most
often from infected PCs that have your email address visible on it
(i.e. "someone you know").

So if you aren't convinced an actual human user chose to send that
message and those specific attached files, you'd not "open" them, no
matter how clean the av thinks they are.

But what if "someone you know" is infected with a malware that infects
the "data" files the user really does intend to send? Your "safe hex"
doesn't get traction in that context, so you'd hope the av scanner
would catch the ball. It is likely to do so, as n-generation spread
by infecting "real" files is usually slow enough for the av to update
itself with an awareness of that malware before it reaches you.

We look beyond what dumb retail tries to sell us (as an OEM, I discard
bundleware Norton AV "starter" CDs that fall out of the box when I
assemble PCs) and use either free stuff like AVG, Avast and what used
to be called AntiVir, or if we do buy feeware, it's something
best-of-breed like Kaspersky (thorough) or NOD32 (light on
performance impact and pretty good) or F-Secure (multiple scanning
engines including Kaspersky; may impact performance).

But we do a lot more than "in av we trust" ;-)


--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
 
cquirke (MVP Windows shell/user)

On Tue, 27 Mar 2007 15:24:00 +0100, "Mark Rae"
AVG also have a free anti-spyware package, but it's probably a bit too
crippled for serious consideration:
http://free.grisoft.com/doc/avg-anti-spyware-free/lng/us/tpl/v5

On the contrary, it's a very good scanner (Ewido) that's perfect for
on-demand use. The only "crippling" is that resident features dry up
after the trial period, but with av and Defender already resident,
that suits me just fine.

I'd use a number of on-demand-only scanners, such as AdAware, Spybot,
AVG AntiSpyware and A-Squared.

You can also add on-demand av scanners such as Trend SysClean,
BitDefender etc. but I'd use them differently; instead of scanning
"the whole system", I'd level them at incoming material that hasn't
yet been "opened", before "opening" it.


--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
 
cquirke (MVP Windows shell/user)

Running AVG has identified two magistr.a (or similar) viruses which were in
an old inbox that I transferred from my old PC.

Nasty bug, Magistr... actually, one of the most fascinating sets of
malware strategies I've ever seen. A payload worth avoiding, too.


------------ ----- ---- --- -- - - - -
The most accurate diagnostic instrument
in medicine is the Retrospectoscope
 
Guest

I felt the same about Vista but installed an anti-virus and spyware scanner
just to be sure. Today I downloaded a game patch from a respected site with
certificates on site about adware etc.

Well, there was adware in the download. Vista missed it, never even sneezed,
but Avast caught it right away, with alarms of warning and what to do about it.

Avast is free for home use and I am thankful I had it running!! I look at it
this way: when I lock the door I also lock the deadbolt.
 
Guest

In his book "Windows Vista-The Book that should have been in the box" David
Pogue says that you do need anti virus in addition to the security built into
Vista. I use Avast-a free software download-and am very pleased with it. Hope
this is helpful.
brassplate577
 
Guest

OK, so what product would you recommend for a Vista Ultimate 64-bit system
for security protection? I had been a McAfee customer for years using my
previous Win 98 PC, but sadly they don't offer a program for 64-bit systems.
I am also getting a warning on the lower right part of my desktop that says I
am unprotected. Please help.
 
Guest

There will most likely always be a need for it, at least until people stop
making virus and other "problem" programs anyway.

The thing about this debate is, it's really not a Microsoft vs. Mac vs.
Linux issue as some say it is. Sure, no one's writing virus programs for
Linux, but the Linux kernel *is* wide open to anyone who wants to manipulate
it. That to me says that at any given time, Red Hat can code in "phone home"
features to track what I'm doing as shrewdly as they want to be, for example.
(I'm in no way saying Red Hat does this - I'm sure they don't.)

And all I'm really going to say about Mac is if there's no virus like the
ads say, then why do they sell Norton Antivirus for Mac? Is it like a placebo
then? :)

I'm all for just using what works best for you. If Linux is what you need
then go for it, don't let me stop you. Same with Mac. I don't think Microsoft
Products are any better or worse, but it's what I *need* so I'm genuinely
happy about any upgrades and enhancements.

The place I'm going with this is we have to stop laying blame for spyware,
malware and virus programs at the feet of the vendors - if Mac gets hit with
a million viruses tomorrow it's no more their fault than it would be if it
was Linux - it's the people who create these programs (or let them loose on
the world) that we should instead be turning our anger to.

Think about it, when was the last time we all bad mouthed a lock maker
because someone's house got robbed?

I mean, to me, I think we're looking at some great options for our operating
systems these days. Mac OS X is awesome, and Linux has really come far too,
and Vista is really neat if you use it. We shouldn't let some cyber-space
criminals ruin our experiences on the Internet.

I'll close with a remark about the "email program" banter that is seen here
- I've used Microsoft Outlook since Office '97, and I have never ever been
infected by a virus. (And I use HTML email). I simply have a proactive stance
against it. I have my firewall, my antivirus (I don't even use a spam
filter), and if I get something that looks fishy, I simply delete it.

So, if something other than Outlook is working awesome for you, then that's
great, good to hear it, but we shouldn't be blaming the vendors for making a
product that their customers want to use. To each his own I guess, but in the
end, we have to stand up as a community on the 'Net and say enough is enough.

My 2 Cents... More like 1/2 a cent... ;)

Mark
 
Dave Cox

There will most likely always be a need for it, at least until
people stop making virus and other "problem" programs anyway.

The thing about this debate is, it's really not a Microsoft vs.
Mac vs. Linux issue as some say it is. Sure, no one's writing
virus programs for Linux, but the Linux kernel *is* wide open to
anyone who wants to manipulate it. That to me says that at any
given time, Red Hat can code in "phone home" features to track what
I'm doing as shrewdly as they want to be, for example. (I'm in no
way saying Red Hat does this - I'm sure they don't.)

And all I'm really going to say about Mac is if there's no virus
like the ads say, then why do they sell Norton Antivirus for Mac?
Is it like a placebo then? :)

I'm all for just using what works best for you. If Linux is what
you need then go for it, don't let me stop you. Same with Mac. I
don't think Microsoft Products are any better or worse, but it's
what I *need* so I'm genuinely happy about any upgrades and
enhancements.

The place I'm going with this is we have to stop laying blame for
spyware, malware and virus programs at the feet of the vendors -
if Mac gets hit with a million viruses tomorrow it's no more their
fault than it would be if it was Linux - it's the people who
create these programs (or let them loose on the world) that we
should instead be turning our anger to.

Think about it, when was the last time we all bad mouthed a lock
maker because someone's house got robbed?

I mean, to me, I think we're looking at some great options for our
operating systems these days. Mac OS X is awesome, and Linux has
really come far too, and Vista is really neat if you use it. We
shouldn't let some cyber-space criminals ruin our experiences on
the Internet.

I'll close with a remark about the "email program" banter that is
seen here - I've used Microsoft Outlook since Office '97, and I
have never ever been infected by a virus. (And I use HTML email).
I simply have a proactive stance against it. I have my firewall,
my antivirus (I don't even use a spam filter), and if I get something
that looks fishy, I simply delete it.

So, if something other than Outlook is working awesome for you,
then that's great, good to hear it, but we shouldn't be blaming
the vendors for making a product that their customers want to use.
To each his own I guess, but in the end, we have to stand up as a
community on the 'Net and say enough is enough.

My 2 Cents... More like 1/2 a cent... ;)

Mark

Great post, Mark.

To the OP: I use AVG Free edition.
 
Guest

Well if you look at the Unix operating system, which has a bullet-proof
security. And then at Windows, well there is only one answer.

Develop Windows with the request for a password to modify and system
changes, e.g. registry (just like the Root account and Super User in Linux).
So Spyware and Viruses will have to ask for a password to change the system.
And if you keep getting a message that "Hotbar wants to change the registry.
Please enter your Administrator password now" then Windows will be virus free.

Banks will have no use for Linux and Unix servers, if Windows was as secure
as Linux was.

Paranoid computer users will have no need to buy a Mac. Windows is secure!

Users who want a computer that "Just Works" will have no need to buy a Mac.

Steve Ballmer change Windows!!!

Nick.
 
Guest

Well, as much as I hate paying for it, Norton is the lifebelt I use, and although
it slows down the boot speed it has never let me down. But on a regular basis
I back up all my docs and format the hard drive and start from scratch, running
scans at every stage.
 
Guest

Richard Urban said:
The others run an antivirus program. I wouldn't even participate in email
with my children if I didn't have one installed.

--


Regards,

Richard Urban MVP
Microsoft Windows Shell/User
 
Guest

Avast had picked up on viruses on some websites that I came across by
accident. The system of mine that had Norton on it didn't even notice, and
I did a system scan on that system and then it told me it was infected. So
now Avast is on all of my systems.
 
Guest

Richard Urban said:
I wouldn't accept an email from you either if I were not protected. I have
no idea of the state of your computer. I have no idea if you sent it or it
was sent by a malicious program you don't even know resides on your machine.

The fact remains that the majority of people do not even know that their
computer has been taken over and is spewing out malware to others.

I have worked on a heck of a lot of computers where the owners told me they
were having no problems - it just runs slow. Were they surprised when I
turned up a ton of s**t.

--


Regards,

Richard Urban MVP
Microsoft Windows Shell/User
 
Guest

Actually, one of the few times I've ever gotten a virus was my first week on
Vista Basic with AVG installed. The anti-virus missed the virus I was
installing. Vista tried to warn me, multiple times. I ignored the UAC
because I thought I was installing a plug-in, silly me. To Vista's credit it
came up and warned me I had installed a virus and spyware and shut it down.
Then the system went berserk. AVG just sat there. Vista was posting messages
like dude, go up to OneCare Live and scan, of course Explorer was dead and in
an infinite loop, so no joy there, but good suggestion.

Moral of the story, even with anti-virus, pay attention to UAC. I'm sure
there will be something that gets around it eventually. Be that as it may,
the fact it warned me while AVG was contemplating life was most impressive.
Too bad I didn't listen.

Gary
 
